diff options
author | zwelch <zwelch@b42882b7-edfa-0310-969c-e2dbd0fdcd60> | 2009-06-13 08:38:57 +0000 |
---|---|---|
committer | zwelch <zwelch@b42882b7-edfa-0310-969c-e2dbd0fdcd60> | 2009-06-13 08:38:57 +0000 |
commit | 4f4592539d61764397257438d6914137498cbf70 (patch) | |
tree | 5eb225a96c437ce7fa2d9774f269ad8323d11d7c /doc | |
parent | 0ffbc6033346d182f37b9a8ff9fa5af8d9f0ce6a (diff) | |
download | openocd_libswd-4f4592539d61764397257438d6914137498cbf70.tar.gz openocd_libswd-4f4592539d61764397257438d6914137498cbf70.tar.bz2 openocd_libswd-4f4592539d61764397257438d6914137498cbf70.tar.xz openocd_libswd-4f4592539d61764397257438d6914137498cbf70.zip |
David Brownell <david-b@pacbell.net>:
OpenOCD doesn't actually *need* to be keeping all TCP ports
active ... creating security issues in some network configs.
Instead, let config file specify e.g. "tcl_port 0" (or gdb_port,
telnet_port) to disable that particular remote access method.
git-svn-id: svn://svn.berlios.de/openocd/trunk@2240 b42882b7-edfa-0310-969c-e2dbd0fdcd60
Diffstat (limited to 'doc')
-rw-r--r-- | doc/openocd.texi | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/doc/openocd.texi b/doc/openocd.texi index f6783902..d5f78b32 100644 --- a/doc/openocd.texi +++ b/doc/openocd.texi @@ -1422,10 +1422,17 @@ the memory read/write commands. This includes @command{nand probe}. @cindex TCP port @cindex server @cindex port +@cindex security The OpenOCD server accepts remote commands in several syntaxes. Each syntax uses a different TCP/IP port, which you may specify only during configuration (before those ports are opened). +For reasons including security, you may wish to prevent remote +access using one or more of these ports. +In such cases, just specify the relevant port number as zero. +If you disable all access through TCP/IP, you will need to +use the command line @option{-pipe} option. + @deffn {Command} gdb_port (number) @cindex GDB server Specify or query the first port used for incoming GDB connections. @@ -1433,6 +1440,7 @@ The GDB port for the first target will be gdb_port, the second target will listen on gdb_port + 1, and so on. When not specified during the configuration stage, the port @var{number} defaults to 3333. +When specified as zero, this port is not activated. @end deffn @deffn {Command} tcl_port (number) @@ -1442,6 +1450,7 @@ output from the Tcl engine. Intended as a machine interface. When not specified during the configuration stage, the port @var{number} defaults to 6666. +When specified as zero, this port is not activated. @end deffn @deffn {Command} telnet_port (number) @@ -1450,6 +1459,7 @@ port on which to listen for incoming telnet connections. This port is intended for interaction with one human through TCL commands. When not specified during the configuration stage, the port @var{number} defaults to 4444. +When specified as zero, this port is not activated. @end deffn @anchor{GDB Configuration} |